Total
7723 CVE
| CVE | Vendors | Products | Updated | CVSS v2 | CVSS v3 |
|---|---|---|---|---|---|
| CVE-2020-24368 | 3 Debian, Icinga, Suse | 4 Debian Linux, Icinga Web 2, Linux Enterprise and 1 more | 2024-11-21 | 4.3 MEDIUM | 7.5 HIGH |
| Icinga Icinga Web2 2.0.0 through 2.6.4, 2.7.4 and 2.8.2 has a Directory Traversal vulnerability which allows an attacker to access arbitrary files that are readable by the process running Icinga Web 2. This issue is fixed in Icinga Web 2 in v2.6.4, v2.7.4 and v2.8.2. | |||||
| CVE-2020-24219 | 1 Szuray | 95 Iptv\/h.264 Video Encoder Firmware, Iptv\/h.265 Video Encoder Firmware, Uaioe264-1u and 92 more | 2024-11-21 | 7.8 HIGH | 7.5 HIGH |
| An issue was discovered on URayTech IPTV/H.264/H.265 video encoders through 1.97. Attackers can send crafted unauthenticated HTTP requests to exploit path traversal and pattern-matching programming flaws, and retrieve any file from the device's file system, including the configuration file with the cleartext administrative password. | |||||
| CVE-2020-24146 | 1 Cminds | 1 Cm Download Manager | 2024-11-21 | 5.5 MEDIUM | 8.1 HIGH |
| Directory traversal in the CM Download Manager (aka cm-download-manager) plugin 2.7.0 for WordPress allows authorized users to delete arbitrary files and possibly cause a denial of service via the fileName parameter in a deletescreenshot action. | |||||
| CVE-2020-24144 | 1 Media File Organizer Project | 1 Media File Organizer | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Directory traversal in the Media File Organizer (aka media-file-organizer) plugin 1.0.1 for WordPress lets an attacker get access to files that are stored outside the web root folder via the items[] parameter in a move operation. | |||||
| CVE-2020-24143 | 1 Ninjateam | 1 Video Downloader For Tiktok | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Directory traversal in the Video Downloader for TikTok (aka downloader-tiktok) plugin 1.3 for WordPress lets an attacker get access to files that are stored outside the web root folder via the njt-tk-download-video parameter. | |||||
| CVE-2020-24137 | 1 Wcms | 1 Wcms | 2024-11-21 | 5.0 MEDIUM | 5.3 MEDIUM |
| Directory traversal vulnerability in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the path parameter to wex/cssjs.php. | |||||
| CVE-2020-24136 | 1 Wcms | 1 Wcms | 2024-11-21 | 7.8 HIGH | 8.6 HIGH |
| Directory traversal in Wcms 0.3.2 allows an attacker to read arbitrary files on the server that is running an application via the pagename parameter to wex/html.php. | |||||
| CVE-2020-24113 | 1 Yealink | 2 W60b, W60b Firmware | 2024-11-21 | N/A | 9.1 CRITICAL |
| Directory Traversal vulnerability in Contacts File Upload Interface in Yealink W60B version 77.83.0.85, allows attackers to gain sensitive information and cause a denial of service (DoS). | |||||
| CVE-2020-24102 | 2024-11-21 | N/A | 7.6 HIGH | ||
| Directory Traversal vulnerability in Punkbuster pbsv.d64 2.351, allows remote attackers to execute arbitrary code. | |||||
| CVE-2020-23766 | 1 Htmly | 1 Htmly | 2024-11-21 | 5.5 MEDIUM | 6.5 MEDIUM |
| An arbitrary file deletion vulnerability was discovered on htmly v2.7.5 which allows remote attackers to use any absolute path to delete any file in the server should they gain Administrator privileges. | |||||
| CVE-2020-23715 | 1 Webport Cms Project | 1 Webport Cms | 2024-11-21 | 5.0 MEDIUM | 8.6 HIGH |
| Directory Traversal vulnerability in Webport CMS 1.19.10.17121 via the file parameter to file/download. | |||||
| CVE-2020-23575 | 1 Kyocera | 2 D-copia253mf Plus, D-copia253mf Plus Firmware | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| A directory traversal vulnerability exists in Kyocera Printer d-COPIA253MF plus. Successful exploitation of this vulnerability could allow an attacker to retrieve or view arbitrary files from the affected server. | |||||
| CVE-2020-23172 | 1 Kuba Project | 1 Kuba | 2024-11-21 | 4.3 MEDIUM | 5.5 MEDIUM |
| A vulnerability in all versions of Kuba allows attackers to overwrite arbitrary files in arbitrary directories with crafted Zip files due to improper validation of file paths in .zip archives. | |||||
| CVE-2020-23161 | 1 Pyres | 2 Termod4, Termod4 Firmware | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Local file inclusion in Pyrescom Termod4 time management devices before 10.04k allows authenticated remote attackers to traverse directories and read sensitive files via the Maintenance > Logs menu and manipulating the file-path in the URL. | |||||
| CVE-2020-23069 | 1 Webtareas Project | 1 Webtareas | 2024-11-21 | 4.0 MEDIUM | 6.5 MEDIUM |
| Path Traversal vulneraility exists in webTareas 2.0 via the extpath parameter in general_serv.php, which could let a malicious user read arbitrary files. | |||||
| CVE-2020-23061 | 1 Dropouts | 1 Super Backup | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Dropouts Technologies LLP Super Backup v2.0.5 was discovered to contain an issue in the path parameter of the `list` and `download` module which allows attackers to perform a directory traversal via a change to the path variable to request the local list command. | |||||
| CVE-2020-23040 | 1 Sky File Project | 1 Sky File | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Sky File v2.1.0 contains a directory traversal vulnerability in the FTP server which allows attackers to access sensitive data and files via 'null' path commands. | |||||
| CVE-2020-23038 | 1 Kumilabs | 1 Swift File Transfer | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Swift File Transfer Mobile v1.1.2 and below was discovered to contain an information disclosure vulnerability in the path parameter. This vulnerability is exploited via an error caused by including non-existent path environment variables. | |||||
| CVE-2020-22623 | 1 Insightsoftware | 1 Jreport | 2024-11-21 | N/A | 7.5 HIGH |
| Directory traversal vulnerability in Jinfornet Jreport 15.6 allows unauthenticated attackers to gain sensitive information. | |||||
| CVE-2020-22550 | 1 Veno File Manager Project | 1 Veno File Manager | 2024-11-21 | 5.0 MEDIUM | 7.5 HIGH |
| Veno File Manager 3.5.6 is affected by a directory traversal vulnerability. Using the traversal allows an attacker to download sensitive files from the server. | |||||